CV CR LG
Sep 24, 2018

On The Utility of Conditional Generation Based Mutual Information for Characterizing Adversarial Subspaces

arXiv:1809.08986v1
Originality: Incremental advance
AI Analysis

This work addresses the vulnerability of deep learning systems to adversarial attacks, offering an incremental improvement to existing defense mechanisms.

The paper tackles the problem of adversarial examples in deep learning by characterizing adversarial subspaces using mutual information (MI) approximated through conditional generation methods, and demonstrates that the resulting MI detector strengthens the robustness of the MagNet defense against powerful adversarial attacks.

Recent studies have found that deep learning systems are vulnerable to adversarial examples; e.g., visually unrecognizable adversarial images can easily be crafted to result in misclassification. The robustness of neural networks has been studied extensively in the context of adversary detection, which compares a metric that exhibits strong discriminative power between natural and adversarial examples. In this paper, we propose to characterize the adversarial subspaces through the lens of mutual information (MI) approximated by conditional generation methods. We use MI as an information-theoretic metric to strengthen existing defenses and improve the performance of adversary detection. Experimental results on MagNet defense demonstrate that our proposed MI detector can strengthen its robustness against powerful adversarial attacks.
